CISA, the Cybersecurity Information Sharing Act, advanced in a procedural vote last week and will have its final vote today, Tuesday. EFF continues to strongly oppose the bill.
Today, the bill's sponsors released an amendment previewing the final version of the bill. It's the second time in as many days and it should be a sign to Senators that more debate is needed on CISA.
The edits fix routine spelling errors, but also delete important reports about cybersecurity—one report on the risks to critical infrastructure and another on the government's adoption of security software. If CISA is really about protecting computer security, then the deletion of these reports is uncalled for.
Contrary to the claims of CISA supporters, the bill does not fix any core privacy concerns. For example, it does not require companies to affirmatively remove unrelated personal information before sharing any data. The bill also contains provisions making it worse than when it was first introduced since it allows any head of an agency to veto the Department of Homeland Security's privacy procedures controlling how the government receives information from companies.
The new language further weakens the fundamentally flawed bill, which already suffers from broad immunity clauses, vague definitions, and aggressive spying authorities. Further, the bill does not address problems that caused the recent highly publicized computer data breaches like unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links.
Privacy organizations, companies, academics, and computer scientists—including EFF, ACLU, Apple, Yelp, Symantec, Salesforce and Twitter—oppose the bill. And thousands of emails and over 1 million faxes have been sent to Congress telling lawmakers to vote against it. Please join us today and tell your Senator to oppose the bill before the final vote.
For these reasons, EFF continues to oppose the bill.